Difference between revisions of "Viewer Authentication Critique"
Revision by Matthew Dowd (talk | contribs) compared with revision by Rob Linden (talk | contribs) (+CAS)
Line 34:
** OpenID - [http://openid.net/] | ** OpenID - [http://openid.net/] | ||
** CardSpace - [http://msdn2.microsoft.com/en-us/netframework/aa663320.aspx] | ** CardSpace - [http://msdn2.microsoft.com/en-us/netframework/aa663320.aspx] | ||
** CAS - [http://www.ja-sig.org/products/cas/] | |||
== Persistence == | == Persistence == |
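Review bot: the added CAS entry, like the sibling OpenID and CardSpace entries, gives only a bare URL, so a reader of the Flexibility section's "Identity Metasystem" alternative learns nothing about what is being proposed; a one-line gloss on each item, e.g. `** CAS - Central Authentication Service (web single sign-on) - [http://www.ja-sig.org/products/cas/]`, and a sentence on how a web-oriented SSO system would apply to viewer login would make the list useful.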
Revision as of 11:58, 29 September 2007
This is a formal critique of Viewer Authentication that was requested by User:Rob Linden on the SLDev mailing list.
Security
Pros
- Viewer does not have to process (and "see") username and password
Cons
- The viewer is still trusted code running on the user's computer, so a malicious viewer could mount other attacks, e.g.:
  - Silently buy L$ and pass it on to another account
  - Pass the token on to a bot and drop the user's connection
  - Install a key logger
- Potential for phishing websites to entice users to enter their username and password and then hand control to the SL website and viewer.
- Some third-party clients may retain the existing login UI (to make life easier for people with alts and multiple clients) and perform the appropriate GETs and POSTs against the SL website themselves to initiate a logon and obtain the token, thus defeating the original purpose.
- Too reliant on browser/OS implementations
  - Relies on browser security, and uses a mechanism that is often disabled due to security concerns
Alternatives
- One time passwords
- Account restrictions
- CRAM-MD5 or a similar challenge-response type
- Dictionary check to reject insecure passwords
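The challenge-response alternative named above, worked through as an added example that is not part of the critique or of any Linden Lab code: a CRAM-MD5 exchange in the style of RFC 2195 between a viewer and a login server, using a constructed account store and a hypothetical host name. It shows that the password never crosses the wire and that a captured response cannot be replayed against a fresh challenge.

```python
"""CRAM-MD5 style challenge-response (RFC 2195) between viewer and login server.

Constructed example: the password is only ever an HMAC key; the wire carries
a server nonce and an HMAC-MD5 digest, never the password itself.
"""
import base64
import hashlib
import hmac
import os
import time

# Constructed account store (hypothetical). CRAM-MD5 requires the server to hold
# the password (or the HMAC inner/outer state) in recoverable form, a known
# drawback of the scheme to weigh against the web-token design.
ACCOUNTS = {"resident.example": "correct horse battery"}


def make_challenge(host="login.example.invalid"):
    """Server side: fresh, unpredictable, single-use challenge (hypothetical host)."""
    raw = f"<{os.urandom(16).hex()}.{int(time.time())}@{host}>".encode()
    return raw, base64.b64encode(raw)  # remember raw, send base64 on the wire


def client_response(username, password, challenge_b64):
    """Viewer side: HMAC-MD5(key=password, msg=challenge), sent as 'user hexdigest'."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode())


def server_verify(response_b64, challenge_raw, accounts=ACCOUNTS):
    """Server side: recompute the digest for the challenge it issued and compare
    in constant time. Returns the authenticated username, or None on any failure."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        username, digest = decoded.split(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return None
    secret = accounts.get(username)
    # Always compute a digest so timing does not reveal whether the account exists.
    expected = hmac.new((secret or "").encode(), challenge_raw, hashlib.md5).hexdigest()
    if secret is None or not hmac.compare_digest(expected, digest):
        return None
    return username


def run_exchange(username, password):
    """Full exchange; returns (authenticated user or None, password seen on wire?)."""
    challenge_raw, challenge_b64 = make_challenge()
    response_b64 = client_response(username, password, challenge_b64)
    wire = base64.b64decode(challenge_b64) + base64.b64decode(response_b64)
    return server_verify(response_b64, challenge_raw), password.encode() in wire
```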
Flexibility
Pros
- Enables username/password authentication to work on third-party sites without those sites having to "see" the username and password
Cons
Alternatives
- Use this mechanism only for websites (including third-party ones), not for viewers
- Identity Metasystem - [1]
  - OpenID - http://openid.net/
  - CardSpace - http://msdn2.microsoft.com/en-us/netframework/aa663320.aspx
  - CAS - http://www.ja-sig.org/products/cas/
Persistence
Pros
Cons
- Inconvenient for those with alts
  - Cumbersome to change alts and to log on with multiple alts
  - Those with alts often have a primary account that is used for the forums and stays permanently logged on to them even while the alt is online in SL
- Inconvenient for those with multiple clients
- Danger on public or multi-user machines that the user will log out of the client but not log out of the website properly, allowing the next user to access their account.
Alternatives
- Is this really needed?
Signatories
Please sign this below with "~~~~" if you agree with the version of this document you are reading. The date will indicate which version of the document you read and agree with.
- Matthew Dowd 11:27, 29 September 2007 (PDT)